UBUNTU 12.10 through 15.10 SECURITY WARNING (shopping lens spyware)

Update 2016: Ubuntu has thrown in the towel on sypware by default: Beginning with Ubuntu 16.06 (Xenial Xerus), Ubuntu’s flagship Unity desktop now defaults to local search only. It requires deliberately turning on global/online search for searches in the dash to connect to the Internet and return (loggable) non-local results. The “shopping lens” that connects to Amazon will also be disabled by default and have to be separately turned on to function. Thus the article below applies only to Ubuntu versions from 12.10 through 15.10, with and only with the “Unity” desktop. Unity 8 may be another story but so far is only used in Ubuntu Phone.

A lot of us use Ubuntu or other Linux distros because they are more secure than Windows. Well, beginning with the new 12.10 (Quantal Quenzal) release of the offical “Ubuntu” desktop version and up until the 16.04(Xenial Xerus)release of the same, your desktop searches in the “dash” are forwarded to Amazon, which can and WILL log them. The “smart scopes” beginning in 13.10 includes even more possible online search possiblities. In fact, Ubuntu’s privacy policy has in the past (not sure if they still do) listed FACEBOOK as among the sites they share information with for online searches from the dash. Facebook is far more dangerous than Amazon. If you use Ubuntu 12.10 through 15.10 withe “Unity” desktop, be sure to disable all online searches in “privacy!”

All those server logs are no doubt accessable to the usual security agencies, going to Amazon to see who searched for, say, a document on their computer called “plan to disrupt Spring Meetings.” Suposedly Ubuntu gets only the “who” and Amazon only the “what,” except that thumbnails are sent from Amazon directly to users computers-meaning to IP addresses that Amazon will log. Needless to say, Ubuntu gets a cut on all purchases people make this way. They may regret this if they also get a “cut” of requests by British security forces for data Amazon (US-based) refuses to provide, if any.

Note: This applies ONLY to the default “Ubuntu” release and installers/live disks. It does NOT apply to derivatives that do not use the “unity” desktop environment. These include Xubuntu, Lubuntu, Ubuntu Studio aas well as “external” derivatives such as Linux Mint. These can all be used with confidence, as can be Debian, on which Ubuntu is based. Ubuntustudio comes with a whole suite of excellent audio, video, and photoediting applications ready to go.

UPDATE 5-1-2013 Even Ubuntu’s official blog, omgubuntu.co.uk is now advising people to “axe Amazon suggestions” in their “10 things to do after installing Ubuntu 13.04” posting. A replacement for this feature, to be known as “smart scopes” wasn’t ready in time to make the 13.04 release. When this comes out, secure computers will still require disabling all online “scopes” in order to safely search your own files.

DETAILS:

This applies to all new installs with 12.10 (Quantal Quenzal) through 15.10(Wily Werewolf), to running that live disk (do NOT use these no obsolete disks in an infoshop!), and probably to upgrades or still older versions to 12.10. Best fix: update or reinstall Ubuntu to 16.04 or later. To keep the older versions, the fix is to remove the “unity-lens-shopping” package with the command “sudo apt-get purge ubuntu-lens-shopping” As a further precaution, remove the “music” and “video” lenses, which may now or in the future search online music and movie stores unless told not to. Be SURE to remove all “unity-scope” packages that anyone may have installed if you didn’t install Ubuntu yourself, as some of them also look online. It goes without saying that remote logging of desktop searches is entirely unacceptable for political work where grand juries and police are real hazards!

If you do NOTHING else with Ubuntu 12.10 or 13.04, click on the user icon you use to turn the machine off, go to “privacy” and disable online searches in the dash! This shuts down the shopping lens, leaving it installed, but might be ignored by a third party “lens,” so don’t install any “lenses” that can ever look online. Better to remove such unused software-you aren’t using it but some hacker might find a vulnerability in it.

In Ubuntu 13.10, there are multiple online “scopes,” by default, best bet is to remove them all if you want your computer to work like a private computer and not a smartphone.

Unity is safe if the shopping lens and all online “scopes” are removed or disabled. Remove the audio and video lenses too, in case some update ever makes them look in music or movie stores without a “unity-scope” package like “unity-scope-video-remote” now used to enable online video search.

If you are not up for removing software, use Debian, Mint, Xubuntu, Lubuntu, Ubuntustudio, anything other than mainstream “ubuntu” with the Unity desktop and shopping lens

This is especially important for running a live disk in a no hard drive public computer workstation, as the shopping lens probably will NOT get manually disabled at every reboot! The Long Haul infoshop out west chose NOT to replace hard drives after a raid, so no more persistant records of what people did could exist. That deters future raids, but if they used Ubuntu 12.10, a very limited subset of what people did could be gotten from Amazon unless someone ran “sudo apt-get purge ubuntu-lens-shopping” after every single reboot. Xubuntu or Ubuntustudio (both using the XFCE desktop) are both good for this role, as XFCE is lighter than “new style” desktops and better suited to older machines. For saving old Windows XP boxes as XP goes unsupported, Ubuntu recommends installing Lubuntu (with LXDE desktop environment, not Unity-based Ubuntu. An older, former Windows XP machine running a Lubuntu live disk and no hard drive at all makes a very safe and secure Infoshop public access computer that cannot retain anyone’s data when it is shut off.

If you run an infoshop and someone insists on using plain Ubuntu 12:10 through 15.10 disks in public computers, tape a note to the computers reminding ALL USERS to go to “privacy” and “diable online searches from the dash” at the start of every session!

This is NOT about hate for Canonical, the company behind Ubuntu. Windows 10 is far, far worse. Windows has gotten so bad that the Steam game company started to jump ship to Ubuntu when Windows 8 came out, fearing Microsoft would attempt to lock everything to their Microsoft Store. Instead, this is about our needs as activists being incompatable with what Canonical is trying to do. We need security and privacy, they want to go into the smartphone market where online “apps” are the rule and not the exception, and they want money from Amazon. Canonical is a corporation, not an activist collective sworn to making war on Microsoft.

Are Canonical and Amazon executives willing to sit in jail for 5 months like the grand jury resistors did for refusing to answer a subpeona for shopping lens data? If not, we activists must not use the shopping lens, and I suspect Canonical would prefer we didn’t as well, to save them the subpeonas and unwanted attention from British intelligence agencies.

This depends on your objective. For extreme security cases like the next Snowden-level whistleblower, one of these distros over Coreboot (replacing the BIOS) can reduce the attack surface for three letter agency type opposition. If you have a laptop that can run Trisquel over Coreboot and make the wifi work, that’s the one to use for high-security online work, but Tails, not Trisquel, is the distro you use for Tor work. If the machine will get online with Trisquel, it should not need closed firmware to get online under Tails either. BTW, replacing UEFI with Coreboot calling a SeaBIOS “payload” is one way to get TAILS to boot on a UEFI machine, maybe the easist way.

On the other hand, as of April 2, 2014 there have been no reports of an NSA exploit against CPU or video card firmware sending anyone to jail or Guantanimo Bay by say, fetching the disk key from RAM while the computer is running. Such malicious firmware (or any other malicious software) would be easy for cops to send to a Windows machine, but no Linux distro is known to have given the NSA a second package signing key to permit similar exploits against any kind of Linux: not Ubuntu, not Mint, not Red Hat/Fedora, none of them.

Given that real-world fact, if you need 3d video drivers, go ahead and use them, especially if you have AMD or Intel graphics. Even if you have Nvidia, using their binary blob is a lot more “free and open” than paying MONEY for a new AMD card or a new Intel motherboard! It also doesn’t mine conflict minerals or use fossil fuels to make and ship that new hardware. Just don’t mount any encrypted device while the graphical desktop is running while using Nvidia’s blob as it can’t be audited. It isn’t running yet when you open encrypted disks at boot time so it can’t get your passphrase.

As for all this stuff about boycotting H264 and MP3, that battle was lost a long time ago. Video and audio published in open codecs, WebM included, won’t play on those huge numbers of Windows XP/Pentium 4 computers seen throughout the activist community and elsewhere. A media file that won’t play on a Windows computer without installing software can’t be played at work, at school, or anywhere else people have old Windows computers with no administrative access. Anyone usng Linux only in ways that cannot interface with other people who are still using Windows or iPhone is likely to end up using one of those systems themselves for that purpose. Trisquel and Windows for a gaming dual-booter, or LinuxMint for everything on that same machine?

The one possible exception is network hardware/software/firmware: The NSA has dedicated more attention to ROUTER firmware than seemingly any other mode of attack, as this allows access to entire networks. NSA-friendly CISCO routers should be considered paperweights unless no other can be obtained and the network can be presumed malicious (as is the Internet itself).

If you have a pile of wifi cards or USB devices, load a USB flash drive with Trisquel and boot each wifi device one at a time. If any of them work, they will work in ALL your Linux distros without having to load closed binary firmware. Put them in the “good” pile, mark them as such and put away the rest for low-security uses. Don’t bother buying new unless building a maximum-security setup, and in that case remember: cash only!

If you have a wifi (or any other network) card that needs a Windows (closed) driver and not just firmware to run, that is a lot of attack surface, and any exploit works on Windows machines too, thus is more likely to be written. An attacker aiming at Windows would find the large driver blob much easier to drop things like “phone home” URL’s into than the tiny firmware blob.